Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-27280HistoryMay 14, 2024 - 3:11 p.m.
CVE-2024-27280
2024-05-1415:11:56
Debian Security Bug Tracker
security-tracker.debian.org
7
buffer overread
stringio
unix
A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | all | ruby2.5 | <= 2.5.5-3+deb10u4 | ruby2.5_2.5.5-3+deb10u4_all.deb |
| Debian | 11 | all | ruby2.7 | <= 2.7.4-1+deb11u1 | ruby2.7_2.7.4-1+deb11u1_all.deb |
| Debian | 12 | all | ruby3.1 | < 3.1.2-7+deb12u1 | ruby3.1_3.1.2-7+deb12u1_all.deb |
| Debian | 999 | all | ruby3.1 | <= 3.1.2-8.3 | ruby3.1_3.1.2-8.3_all.deb |
| Debian | 13 | all | ruby3.1 | <= 3.1.2-8.3 | ruby3.1_3.1.2-8.3_all.deb |
| Debian | 999 | all | ruby3.2 | < 3.2.3-1 | ruby3.2_3.2.3-1_all.deb |
Related
alpinelinux
alpinelinux
CVE-2024-27280
2024-05-14 15:11:56
cvelist
cvelist
CVE-2024-27280
1976-01-01 00:00:00
github
github
StringIO buffer overread vulnerability
2024-03-25 19:36:52
cve
cve
CVE-2024-27280
2024-05-14 15:11:56
cgr
cgr
CVE-2024-27280 vulnerabilities
2024-05-19 03:07:16
redhatcve
redhatcve
CVE-2024-27280
2024-03-21 18:15:36
osv
osv
StringIO buffer overread vulnerability
2024-03-25 19:36:52
CVE-2024-27280
2024-05-14 15:11:56
ruby3.1 - security update
2024-05-03 00:00:00
nvd
nvd
CVE-2024-27280
2024-05-14 15:11:56
vulnrichment
vulnrichment
CVE-2024-27280
1976-01-01 00:00:00
wolfi
wolfi
CVE-2024-27280 vulnerabilities
2024-06-26 09:08:30
ubuntucve
ubuntucve
CVE-2024-27280
2024-05-14 00:00:00
veracode
veracode
Buffer Over-read
2024-03-29 07:40:04
nessus
nessus
EulerOS 2.0 SP11 : ruby (EulerOS-SA-2024-1846)
2024-06-25 00:00:00
EulerOS 2.0 SP11 : ruby (EulerOS-SA-2024-1825)
2024-06-25 00:00:00
AlmaLinux 8 : ruby:3.3 (ALSA-2024:3670)
2024-06-10 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-1846)
2024-06-25 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-1825)
2024-06-25 00:00:00
Fedora: Security Advisory for ruby (FEDORA-2024-14db7b21a2)
2024-05-27 00:00:00
rocky
rocky
ruby:3.1 security, bug fix, and enhancement update
2024-06-14 13:59:30
ruby:3.1 security, bug fix, and enhancement update
2024-06-14 14:00:40
ruby:3.3 security, bug fix, and enhancement update
2024-06-14 14:00:40
debian
debian
[SECURITY] [DSA 5677-1] ruby3.1 security update
2024-05-03 19:47:30
redhat
redhat
(RHSA-2024:3500) Moderate: ruby:3.0 security update
2024-05-30 12:07:40
oraclelinux
oraclelinux
ruby:3.3 security, bug fix, and enhancement update
2024-06-07 00:00:00
ruby:3.1 security, bug fix, and enhancement update
2024-06-03 00:00:00
ruby:3.3 security, bug fix, and enhancement update
2024-06-06 00:00:00
slackware
slackware
[slackware-security] ruby
2024-04-23 22:33:22
almalinux
almalinux
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-06-03 00:00:00
Moderate: ruby:3.3 security, bug fix, and enhancement update
2024-06-06 00:00:00
Moderate: ruby:3.3 security, bug fix, and enhancement update
2024-06-06 00:00:00
mageia
mageia
Updated ruby packages fix security vulnerabilities
2024-05-09 05:40:29
fedora
fedora
[SECURITY] Fedora 40 Update: ruby-3.3.1-7.fc40
2024-05-03 01:46:00
[SECURITY] Fedora 38 Update: ruby-3.2.4-182.fc38
2024-05-04 02:20:05
[SECURITY] Fedora 39 Update: ruby-3.2.4-182.fc39
2024-05-04 01:33:23
photon
photon
Important Photon OS Security Update - PHSA-2024-5.0-0247
2024-04-16 00:00:00